CVE-2021-1300Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Sd-wan Solution

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer OverflowCWE-20Improper Input ValidationCWE-601Open Redirect7 documents6 sources
Severity
9.8CRITICALNVD
GHSA7.4
EPSS
0.9%
top 24.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan SolutionCisco Sd-wan Firmware
Timeline
PublishedJan 20
Latest updateMar 3

Description

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan_firmware4 versions+3

🔴Vulnerability Details

3
GHSA
CodeChecker open redirect when URL contains multiple slashes after the product name2025-03-03
GHSA
GHSA-qcph-crvp-p38c: Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device2022-05-24
CVEList
Cisco SD-WAN Buffer Overflow Vulnerabilities2021-01-20

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Buffer Overflow Vulnerabilities2021-01-20

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System2021-07-26
Talos
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System2021-07-26
CVE-2021-1300 — Cisco Sd-wan Solution vulnerability | cvebase